Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[clang ubsan failure] descriptor.cc calls memset(NULL) when lazily-loading descriptor with no dependencies #3752

Closed
jmillikin-stripe opened this issue Oct 14, 2017 · 1 comment
Closed

[clang ubsan failure] descriptor.cc calls memset(NULL) when lazily-loading descriptor with no dependencies #3752

jmillikin-stripe opened this issue Oct 14, 2017 · 1 comment

Comments

@jmillikin-stripe
Copy link
Contributor

This was discovered in the Envoy test suite (envoyproxy/envoy#1682).

Given the following test body:

envoy::api::v2::Bootstrap bootstrap;
std::string bootstrap_text;
ASSERT_TRUE(::google::protobuf::TextFormat::PrintToString(bootstrap, &bootstrap_text));

Building with Clang 5 and -fsanitize=address,undefined will cause the test to fail with this error:

external/protobuf_bzl/src/google/protobuf/descriptor.cc:4167:12: runtime error: null pointer passed as argument 1, which is declared to never be null
/usr/include/string.h:62:62: note: nonnull attribute specified here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior external/protobuf_bzl/src/google/protobuf/descriptor.cc:4167:12 in

descriptor.cc:4167 is a call to memset():

4160   result->dependency_count_ = proto.dependency_size();
4161   result->dependencies_ =
4162       tables_->AllocateArray<const FileDescriptor*>(proto.dependency_size());
4163   if (pool_->lazily_build_dependencies_) {
4164     result->dependencies_once_ = tables_->AllocateOnceDynamic();
4165     result->dependencies_names_ =
4166         tables_->AllocateArray<const string*>(proto.dependency_size());
4167     memset(result->dependencies_names_, 0,
4168            sizeof(*result->dependencies_names_) * proto.dependency_size());
4169   } else {
4170     result->dependencies_once_ = NULL;
4171     result->dependencies_names_ = NULL;
4172   }

If proto.dependency_size() is 0 and lazy building is enabled, tables_->AllocateArray(0) is called (returning NULL) .
@jmillikin-stripe jmillikin-stripe mentioned this issue Oct 16, 2017
Merged
jmillikin-stripe added a commit to jmillikin-stripe/protobuf that referenced this issue Oct 16, 2017
@jmillikin-stripe
Fix undefined memory management found by Clang's sanitizers.
aff1097 
See protocolbuffers#3752 for context.
@jmillikin-stripe
Copy link
Contributor Author

This is fixed now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jmillikin-stripe